From 6950c42925396e5edfffe4746522bbf35de36282 Mon Sep 17 00:00:00 2001 From: steckbrief Date: Mon, 22 Aug 2016 16:03:10 +0200 Subject: Fixed string comparison from not equals to equals for slot_type check and added additional debug log message --- prosody-module/mod_http_upload_external/mod_http_upload_external.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/prosody-module/mod_http_upload_external/mod_http_upload_external.lua b/prosody-module/mod_http_upload_external/mod_http_upload_external.lua index 335a9d1..cb59af4 100644 --- a/prosody-module/mod_http_upload_external/mod_http_upload_external.lua +++ b/prosody-module/mod_http_upload_external/mod_http_upload_external.lua @@ -43,7 +43,8 @@ module:hook("iq/host/"..xmlns_http_upload..":request", function (event) return true; end local slot_type = request.attr.type; - if not slot_type or slot_type ~= "upload" then + module:log("debug", "incoming request is of type " .. slot_type); + if not slot_type or slot_type == "upload" then -- validate local filename = request:get_child_text("filename"); if not filename then @@ -134,7 +135,7 @@ module:hook("iq/host/"..xmlns_http_upload..":request", function (event) reply:tag("get"):text(get_url):up(); reply:tag("put"):text(put_url):up(); origin.send(reply); - elseif slot_type ~= "delete" then + elseif slot_type == "delete" then -- validate local fileurl = request:get_child_text("fileurl"); if not fileurl then -- cgit v1.2.3 From 59fe1257143125df2510145b2e54b2ec15ed6653 Mon Sep 17 00:00:00 2001 From: steckbrief Date: Mon, 22 Aug 2016 16:57:52 +0200 Subject: exit module after sending error reply in case storage backend returned error code 500 --- prosody-module/mod_http_upload_external/mod_http_upload_external.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/prosody-module/mod_http_upload_external/mod_http_upload_external.lua b/prosody-module/mod_http_upload_external/mod_http_upload_external.lua index cb59af4..ab7c0e0 100644 --- a/prosody-module/mod_http_upload_external/mod_http_upload_external.lua +++ b/prosody-module/mod_http_upload_external/mod_http_upload_external.lua @@ -75,6 +75,7 @@ module:hook("iq/host/"..xmlns_http_upload..":request", function (event) -- check the response if statuscode == 500 then origin.send(st.error_reply(stanza, "cancel", "service-unavailable", respbody)); + return true; elseif statuscode == 406 or statuscode == 400 or statuscode == 403 then local errobj, pos, err = json.decode(respbody); if err then @@ -152,6 +153,7 @@ module:hook("iq/host/"..xmlns_http_upload..":request", function (event) -- check the response if statuscode == 500 then origin.send(st.error_reply(stanza, "cancel", "service-unavailable", respbody)); + return true; elseif statuscode == 406 or statuscode == 400 or statuscode == 403 then local errobj, pos, err = json.decode(respbody); if err then -- cgit v1.2.3 From 1b4c02e5ca23781bef89be5e8497c0f225ff3036 Mon Sep 17 00:00:00 2001 From: steckbrief Date: Mon, 22 Aug 2016 16:59:40 +0200 Subject: exit module after sending error reply in case storage backend returned error code 403 --- prosody-module/mod_http_upload_external/mod_http_upload_external.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/prosody-module/mod_http_upload_external/mod_http_upload_external.lua b/prosody-module/mod_http_upload_external/mod_http_upload_external.lua index ab7c0e0..64d5e3c 100644 --- a/prosody-module/mod_http_upload_external/mod_http_upload_external.lua +++ b/prosody-module/mod_http_upload_external/mod_http_upload_external.lua @@ -107,6 +107,7 @@ module:hook("iq/host/"..xmlns_http_upload..":request", function (event) end elseif statuscode == 403 and errobj["msg"] ~= nil then origin.send(st.error_reply(stanza, "cancel", "internal-server-error", errobj.msg)); + return true; else origin.send(st.error_reply(stanza, "cancel", "undefined-condition", "msg or err_code not found")); return true; @@ -172,6 +173,7 @@ module:hook("iq/host/"..xmlns_http_upload..":request", function (event) end elseif statuscode == 403 and errobj["msg"] ~= nil then origin.send(st.error_reply(stanza, "cancel", "internal-server-error", errobj.msg)); + return true; else origin.send(st.error_reply(stanza, "cancel", "undefined-condition", "msg or err_code not found")); return true; -- cgit v1.2.3 From 8510b8ababf9a983a6a2097fa0cf1b04a137e215 Mon Sep 17 00:00:00 2001 From: steckbrief Date: Mon, 22 Aug 2016 17:03:59 +0200 Subject: Add slot type in 403 message instead of fixed 'upload' string --- storage-backend/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage-backend/index.php b/storage-backend/index.php index eae06ef..a7c79d3 100644 --- a/storage-backend/index.php +++ b/storage-backend/index.php @@ -67,7 +67,7 @@ switch ($method) { // Check if xmppServerKey is allowed to request slots if (false === checkXmppServerKey($config['valid_xmpp_server_keys'], $xmppServerKey)) { - sendHttpReturnCodeAndJson(403, 'Server is not allowed to request an upload slot'); + sendHttpReturnCodeAndJson(403, 'Server is not allowed to request an '.$slotType.' slot'); } switch ($slotType) { -- cgit v1.2.3 From 6691b27bd11520a826d4ad5a94449603549854a0 Mon Sep 17 00:00:00 2001 From: steckbrief Date: Mon, 22 Aug 2016 17:04:46 +0200 Subject: missing & added to reqbody in delete type --- prosody-module/mod_http_upload_external/mod_http_upload_external.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prosody-module/mod_http_upload_external/mod_http_upload_external.lua b/prosody-module/mod_http_upload_external/mod_http_upload_external.lua index 64d5e3c..11175ee 100644 --- a/prosody-module/mod_http_upload_external/mod_http_upload_external.lua +++ b/prosody-module/mod_http_upload_external/mod_http_upload_external.lua @@ -145,7 +145,7 @@ module:hook("iq/host/"..xmlns_http_upload..":request", function (event) return true; end -- build the body - local reqbody = "xmpp_server_key=" .. xmpp_server_key .. "slot_type=delete&file_url=" .. fileurl .. "&user_jid=" .. orig_from; + local reqbody = "xmpp_server_key=" .. xmpp_server_key .. "&slot_type=delete&file_url=" .. fileurl .. "&user_jid=" .. orig_from; -- the request local respbody, statuscode = http.request(external_url, reqbody); respbody = string.gsub(respbody, "\\/", "/") -- cgit v1.2.3